[01:00.110 --> 01:05.110]  Welcome everybody to Ask the EFF and Meet the EFA.
[01:05.110 --> 01:11.530]  It is lovely to be back, sort of, at DEF CON for another year.
[01:11.530 --> 01:16.130]  We've been doing Ask the EFF for, I think, since DEF CON 13,
[01:16.130 --> 01:20.830]  taking your questions about the Electronic Frontier Foundation.
[01:20.830 --> 01:25.890]  Welcome everybody to Ask the EFF and Meet the EFA.
[01:25.890 --> 01:29.890]  It's lovely to be back, sort of.
[01:29.890 --> 01:35.390]  Sorry, I had two things on our channel here, so I had to deal with the echo.
[01:35.390 --> 01:39.690]  So, it's great to be here. We have an amazing panel for you.
[01:39.990 --> 01:45.430]  And we will be going down the panel so you can get an introduction.
[01:45.430 --> 01:48.370]  Let me introduce myself. My name is Kurt Opsahl.
[01:48.370 --> 01:53.650]  I am the Deputy Executive Director and General Counsel of the Electronic Frontier Foundation.
[01:53.650 --> 01:58.930]  And I am delighted to be back here. I work on a number of different things at EFF.
[01:58.930 --> 02:03.450]  One of them is the Coders' Rights Project, along with Hannah, who you'll see shortly.
[02:03.730 --> 02:09.650]  The Coders' Rights Project is where we provide free legal advice to security researchers like yourselves
[02:09.650 --> 02:15.310]  when they have questions about legality of their research,
[02:15.310 --> 02:19.890]  issues that may arise from disclosing it when a vendor gets upset.
[02:19.890 --> 02:24.330]  And these are things that we often provide to this community.
[02:24.330 --> 02:29.650]  But I always begin this panel with noting that this is not the time for those questions.
[02:29.710 --> 02:33.330]  You need to have those conversations in an attorney-client-privileged situation,
[02:33.330 --> 02:39.270]  which is not when it's being live-streamed to everybody at the DEF CON Twitch channel.
[02:39.350 --> 02:45.170]  So, we're happy to ask questions, including questions about general legal principles,
[02:45.170 --> 02:48.290]  but if it's about your particular situation,
[02:48.290 --> 02:52.030]  and that includes when you're asking for a friend, but it's really you,
[02:52.730 --> 02:55.230]  those are not the time to ask these sorts of questions.
[02:55.550 --> 02:59.110]  But feel free to ask your more general questions.
[03:00.810 --> 03:05.410]  And we can talk about, in addition to the Coders' Rights things, we have Hannah here,
[03:05.410 --> 03:06.990]  so we'll introduce yourself in a second.
[03:07.250 --> 03:13.370]  We also have the opportunity to talk about, well, one of the things that's come up lately
[03:13.370 --> 03:22.590]  that Eva and I worked on TikTok and the ban, also expanding to a ban on ByteDance
[03:22.590 --> 03:27.050]  and Tencent, the parent companies, a lot of interesting implications there.
[03:27.470 --> 03:33.890]  You can hear a bit more about our activism work through Rory.
[03:33.890 --> 03:37.710]  So, we've got a good show for you. Looking forward to your questions.
[03:38.070 --> 03:40.990]  So, why don't we start it out with Rory. You want to begin?
[03:40.990 --> 03:47.990]  Yeah, sure. Hey, DEF CON. I'm Rory. I'm the newest member of the EFF activism team.
[03:47.990 --> 03:52.350]  And I came on in March as the grassroots advocacy organizer.
[03:52.350 --> 03:57.150]  In that role, I work on the organizing team, which manages the EFA,
[03:57.150 --> 04:01.710]  which is our nationwide network of over 70 local grassroots organizations.
[04:01.710 --> 04:03.610]  I'm not going to spend too much time talking about that,
[04:03.610 --> 04:06.910]  because you're going to meet them for yourself in just a little bit.
[04:07.750 --> 04:13.150]  But the gist of it is, unfortunately, EFF can't be everywhere at once.
[04:13.590 --> 04:18.390]  And these local groups really do a lot of heavy lifting for city and state level issues,
[04:18.390 --> 04:21.910]  and are incredibly important for our success.
[04:22.510 --> 04:27.410]  And I'm lucky enough for my role to be building a lot of these relationships with local groups
[04:27.410 --> 04:32.630]  that are either currently members or potential members for the EFA.
[04:32.630 --> 04:39.330]  And I'm actually lucky enough to come to the EFF and this organizing team from an EFA group myself.
[04:39.330 --> 04:44.050]  I was a founding member of the CYPR collective, which you'll also meet in a little bit.
[04:44.390 --> 04:49.310]  So I'm really excited to have benefited so much from this network.
[04:49.310 --> 04:53.510]  And now I get to give back and help construct and build it further.
[04:54.050 --> 04:57.310]  In addition to that, part of my background,
[04:57.310 --> 05:01.510]  I care a lot about digital security for activists and LGBTQ plus communities.
[05:01.510 --> 05:04.330]  That's very much part of my CYPR background.
[05:04.890 --> 05:10.710]  I'm also technically still a grad student, but a former grad student and adjunct professor.
[05:11.170 --> 05:15.730]  So I care a great deal about student rights and teachers' rights,
[05:15.730 --> 05:20.710]  and concepts like open education, campus privacy, open science.
[05:20.790 --> 05:27.050]  And then finally, we talk a lot about EFA being in kind of three buckets, unofficially,
[05:27.050 --> 05:33.360]  of the workshop bucket, the advocacy bucket, and the makerspace or hackerspace bucket.
[05:33.750 --> 05:38.770]  And it's that last one that I really am hoping to expand on moving forward.
[05:38.770 --> 05:44.970]  We already have a lot of great hackerspaces in the EFA, including several DEF CON groups.
[05:44.970 --> 05:49.670]  Shout out to DEF CON 201, 319, 313, and 919.
[05:49.670 --> 05:55.210]  And then also artistic digital arts spaces like Eyebeam and NYC.
[05:55.210 --> 05:59.530]  So I think it's really important that we expand into this creative territory,
[05:59.530 --> 06:04.430]  because honestly, creativity and fun are a really important part of movement building, I think.
[06:04.430 --> 06:07.510]  The old, if I can't dance, it's not my revolution.
[06:08.130 --> 06:16.210]  And I think these issues of freedom of expression and play are one of the best ways to get people engaged in digital rights issues,
[06:16.210 --> 06:22.350]  because you might not think about copyright or patent or DRM or right to repair or any of these issues
[06:22.350 --> 06:27.390]  until it becomes a barrier between you and this really cool project you want to do.
[06:27.390 --> 06:30.390]  So I think it's a really important part I'm hoping to expand.
[06:30.390 --> 06:35.410]  So I think there's a lot of folks in the audience that are involved in those sort of projects.
[06:35.450 --> 06:40.730]  I'll plug now. Reach out to me at Rory at EFF.org or organizing at EFF.org.
[06:44.070 --> 06:46.150]  And then I guess we go to Hannah.
[06:49.950 --> 06:54.270]  Hi, I am Hannah. I am a staff attorney at EFF.
[06:54.270 --> 06:59.070]  I'm super excited to be virtually part of DEF CON.
[06:59.230 --> 07:03.170]  I'm really looking forward to the day when we can attend in person.
[07:03.530 --> 07:07.590]  But I, like Rory, I started very recently.
[07:07.590 --> 07:13.910]  I only started in April. It's kind of an unprecedented time and a very unique time to be starting work at EFF.
[07:13.910 --> 07:22.130]  There are a lot of issues that have come up in relation to the things that have been going around in the world in 2020.
[07:22.130 --> 07:27.050]  COVID, of course, being one of the large ones, but also the protests that have risen up around the country
[07:27.050 --> 07:38.450]  and indeed around the entire globe for justice, racial justice against police brutality and related topics.
[07:38.690 --> 07:42.070]  My background is actually in criminal justice.
[07:42.070 --> 07:50.490]  So I come from having practiced in criminal defense law for a number of years before joining EFF.
[07:50.490 --> 07:56.490]  So as Kurt mentioned, I am part of the Coders' Rights Project.
[07:56.490 --> 08:01.030]  And he already gave a really good explanation of that, so I won't go into it.
[08:01.030 --> 08:05.850]  But needless to say that it is an important part of our work.
[08:05.850 --> 08:14.490]  I, as someone who very long time ago in a different lifetime for undergrad had a computer science degree,
[08:14.490 --> 08:22.410]  really appreciate the kind of work that we can do for independent security researchers, hackers, tinkerers,
[08:22.410 --> 08:28.470]  anyone who's interested in poking around in systems and the like.
[08:28.470 --> 08:37.230]  And recently at EFF, I guess my most recent cases, I've also worked a lot on police tech and forensic technology
[08:37.230 --> 08:43.190]  because law enforcement and prosecutors use a lot of different types of technology,
[08:43.190 --> 08:51.110]  from things like automatic license plate readers and facial recognition, which we hear a lot about,
[08:51.110 --> 08:56.910]  to things that we hear slightly less about, like forensic probabilistic software,
[08:56.910 --> 09:01.630]  which is supposed to do DNA analysis and match DNA of people.
[09:01.630 --> 09:07.870]  And, you know, you hear these giant numbers like one in three trillion or something like that,
[09:07.870 --> 09:11.910]  where people are matched. And actually there's a lot of issues with these technology.
[09:11.910 --> 09:18.830]  And what we have seen before is that law enforcement, that these kinds of technology tend to be used
[09:18.830 --> 09:23.670]  against marginalized groups and against the most vulnerable communities.
[09:23.670 --> 09:31.670]  So we really should make sure that they're constitutional, that they're accurate, that they're not biased.
[09:31.670 --> 09:34.830]  And if they are, they should not be used at all.
[09:34.830 --> 09:42.050]  So I look forward to engaging with the DEF CON community and to listening to all your questions.
[09:42.330 --> 09:43.930]  Thank you. Eva?
[09:46.560 --> 09:51.840]  Hi there. I'm Eva Galperin. I'm the director of cybersecurity at the Electronic Frontier Foundation.
[09:51.840 --> 10:01.000]  This is extremely not my first DEF CON. I have been coming to DEF CON since somewhere around the year 2000.
[10:01.220 --> 10:09.360]  Dinosaurs were roaming DEF CON. And it was sort of in this setting that I discovered EFF.
[10:09.360 --> 10:13.940]  Little, you know, sort of clueless teenage me went, hey, these guys seem to be the good guys.
[10:13.940 --> 10:16.220]  I should do that one day. And then I did.
[10:16.220 --> 10:26.080]  So I've been at EFF since 2007. And I have done, I don't even know how many of these Ask EFF panels.
[10:26.120 --> 10:40.640]  But right now what I do is I run the EFF Threat Lab, which is a group of researchers who work specifically on issues that affect particularly vulnerable populations.
[10:40.640 --> 10:53.820]  So people who are protesting, people in LGBTQ populations, people who have unpopular political opinions, people who are part of ethnic minorities.
[10:54.320 --> 11:04.580]  We're interested in having their backs. And I don't know if you have been watching some of these DEF CON talks at the virtual event.
[11:04.580 --> 11:16.800]  But my colleague, Cooper Quinton, gave a talk on his project, Crocodile Hunter, which had to do with tracking fake base stations.
[11:16.800 --> 11:22.000]  And I strongly recommend that. It's based on the work that he did with our colleague, Yamna.
[11:22.280 --> 11:31.080]  So I can answer questions about that. And also I can answer questions about TikTok and about general sort of privacy and security advice.
[11:31.080 --> 11:39.400]  And how to reach out to people in a way that moves them to action, but does not scare their pants off.
[11:42.730 --> 11:47.590]  All right. Well, thank you for that. So that is the introduction to our panel.
[11:47.630 --> 11:54.870]  Oh, wait. Alexis is a little bit late, but still lovely to have you here. Alexis, you want to give an intro, please?
[11:55.710 --> 12:07.730]  Hi. Sorry for being late. I'm Alexis Hancock. I'm a staff technologist at the EFF. And I've been around working at EFF about two years now.
[12:07.730 --> 12:12.350]  So coming on my two-year anniversary, actually. Just now realized that.
[12:12.450 --> 12:18.850]  I work on the project HTTPS Everywhere. And mainly that's my main focus.
[12:18.850 --> 12:27.210]  But I also do research on other aspects of consumer privacy and how it impacts different populations.
[12:27.230 --> 12:35.910]  So that's been my focus. And as of late, especially with COVID immunity passports, which mentioned verified credential technology.
[12:35.910 --> 12:41.070]  So dealing with mobile identities research and how that may impact the general public.
[12:42.510 --> 12:44.550]  And that's my intro.
[12:46.590 --> 12:55.870]  All right. Well, thank you, Alexis. So that is our panel. We are now going to turn to your question. We've had a few questions come in.
[12:55.890 --> 13:04.530]  So one question is, what is the strongest and most readily understood argument to support protection of end-to-end encryption?
[13:04.530 --> 13:15.290]  We're talking with organizations, particularly non-technical audience, working to address controversial complex topics such as the transmission of child sex abuse materials.
[13:16.470 --> 13:19.250]  So Rory, did you want to have something to say on that?
[13:19.450 --> 13:27.770]  Yeah, definitely. So this is something that I think comes up a lot when you're engaging different communities on things like end-to-end encryption or even just the concept of hacking.
[13:27.770 --> 13:32.230]  People have this very NCIS kind of concept of what that means.
[13:32.230 --> 13:35.850]  That you must be like this shady character.
[13:36.010 --> 13:44.450]  But what I usually like to pivot to is say, it's less about being shady and being on the margins, more about being on the margins.
[13:45.010 --> 13:53.930]  That end-to-end encryption is really important. Yes, sometimes for people with nefarious purposes, but also people with very good just purposes.
[13:55.410 --> 14:01.210]  The power of breaking end-to-end encryption or banning it is one that you have to consider.
[14:01.590 --> 14:10.430]  Is that a power you want? You might be comfortable with the US president having, but are you okay with another foreign leader having?
[14:10.730 --> 14:19.850]  Current leader, future leaders? And thinking about who is on the margin and who are we protecting with this technology?
[14:19.850 --> 14:28.550]  And ultimately, everyone has the right to have that protection, right? It's part of being able to speak freely and live in a free society to have some privacy.
[14:28.770 --> 14:39.090]  So I think that's usually a good hook for folks that are kind of just honestly perplexed by why anyone would support end-to-end encryption.
[14:40.590 --> 14:54.250]  Thanks, Rory. To add a little something from my experience, I've been to a number of events or conferences where people from the organizations that are trying to stop childhood sexual abuse were present.
[14:54.250 --> 15:00.770]  We talked about end-to-end encryption. And I'd say that they actually were understanding about the human rights concerns.
[15:00.770 --> 15:11.150]  They have their very strong position. They want to be able to do whatever they can to stop child sexual abuse materials.
[15:11.630 --> 15:29.850]  But I would say in terms of just talking about it, they were a lot more understanding that there were countervailing human rights concerns about breaking encryption than the government people who are at the very same conferences who are often using or pointing to those groups in order to support their arguments.
[15:30.270 --> 15:45.730]  And I think they probably, you know, we're not going to agree on the ultimate path for encryption, but I think that they would say if there's a way to have, you know, great, strong encryption, you know, that is fine, so long as their needs are addressed.
[15:45.790 --> 15:48.370]  But we can have the conversation, at least.
[15:49.550 --> 15:53.110]  All right, we'll get to another one of your questions.
[15:53.960 --> 16:03.330]  What would you say would be the difference between Congress interviewing Mark Zuckerberg in 2018 and Congress interviewing the tech giants a few weeks ago?
[16:04.350 --> 16:09.290]  Anyone been following that? We don't have our alleged team on.
[16:09.290 --> 16:15.310]  I did watch the antitrust hearing that came up recently.
[16:15.310 --> 16:31.730]  I won't be able to speak historically to what our alleged team thought of the previous hearing, but from what I did, some eyes from my colleagues that watched both, Zuckerberg generally seems more prepared for these questions from Congress.
[16:32.510 --> 16:50.770]  Then normally, then the other CEOs that came through with the original intention of what the hearings are about are trying to see, like, exactly where are the PowerPoints that you can focus in on with these organizations and where exactly are they overstepping.
[16:50.770 --> 17:06.090]  And the differences between the last one and this one, from what I surmised, was that they were just coming to terms with privacy issues and how the general public are worried about them with Zuckerberg and Facebook, Cambridge Analytica.
[17:06.530 --> 17:19.170]  All those different types of like themes came up with his hearing in particular, and he seemed more strained then, and then this time around he seemed way more prepared than the other CEOs.
[17:19.170 --> 17:28.650]  So the other CEOs had came and asked about this and we also want to call to the other previous antitrust hearing that Bill Gates attended two years back.
[17:28.930 --> 17:42.510]  That the legislation team also mentioned, where that was kind of like the beginning of Congress's thought patterns on how to regulate and what to do when it comes to tech companies gaining such a mass amount of market power.
[17:42.510 --> 17:56.050]  So I do suggest looking back at that hearing as well and seeing what people's opinions were on that, because that was kind of where it started, I believe, with Congress's thought patterns on what to do and what to ask when it comes to tech.
[17:56.050 --> 18:17.290]  Mark Zuckerberg's hearing was very much so rife with people who didn't quite understand how the tech, and were asking questions that didn't necessarily get to the meat of the issue on why exactly Facebook has been nefarious, and why exactly Facebook's practices are a problem
[18:17.290 --> 18:31.850]  versus understanding other things. That came up again at this recent antitrust hearing where a couple Congress members, or at least one I remember in particular, who didn't quite understand how spam email worked and kind of tried to like blame Google for that.
[18:31.850 --> 18:49.290]  So that was pretty much what I saw from the recent hearings from Facebook's side. Apple was mainly quiet around the issues that we wanted them to talk about. But overall, I did like the round of questioning that did happen from some of the representatives on the Judicial Committee.
[18:49.290 --> 19:07.150]  And they tried their best to grill them on the things that did matter at times, but then it's a balance between the different parties and what their intentions were. It seemed like the Republican Party was more focused this time around on censorship, and that's not antitrust.
[19:07.150 --> 19:32.420]  So it went from good antitrust question to really bad sidetracked censorship question. So not focusing on antitrust was a real big, I think, pain point for a lot of people watching who really wanted them to focus on the antitrust portions of the questions. And that's my peripheral, you know, summation as a non-legislative person from EFF.
[19:33.580 --> 19:54.540]  All right. Yeah, thank you. And go to our website to get more information because we have blog posts covering both those sets of hearings. So another question came in. Does EFF, as a U.S.-based organization, how does EFF, as a U.S.-based organization, see its role internationally? I think Eva got this one.
[19:54.540 --> 20:13.980]  All right, I can cover this one. I worked as part of EFF's international team for many years. And EFF started out as an American-based organization. And this was largely because we saw ourselves as a group of people who primarily did impact litigation.
[20:13.980 --> 20:33.080]  And so we had a bunch of U.S.-based lawyers because the U.S. is where most of the laws that were impacting the Internet or impacting the cutting edge of technology were being made and where the court cases were happening. And we are not entirely about impact litigation anymore.
[20:33.080 --> 20:48.480]  And those cases aren't necessarily happening in the United States. You're starting to see them in European courts, in Brazilian courts, in Russian and Mexican courts.
[20:48.480 --> 21:06.300]  The U.S. president apparently would like our Internet to look more like China's. And that is a fairly serious problem that requires an international approach in order to fix.
[21:06.300 --> 21:28.580]  So having said that, what we did was we built an international team. We have people who do international law, who understand international human rights, who speak to the UN. We have people who are not based in the United States. We have people who go and talk to The Hague and to Brussels.
[21:28.580 --> 21:53.340]  And also people who understand that the Internet isn't just the developed world, that the world is not divided up into the West and the rest, and that the rules which govern the Internet need to be fair, not just to Americans and to Europeans, but also to people in the Global South, and that their voices really matter when it comes to this conversation.
[21:53.340 --> 22:21.780]  And often they're the people who get left behind when we talk about privacy and security, because they're the people who are using some of the slowest infrastructure, and they're often the people who are using the cheapest products in order to get online or to communicate. And often if you did not pay extra, then you are the product and you're essentially selling either your privacy or your security. We find that very alarming.
[22:21.780 --> 22:46.940]  We also built a set of privacy and security guides, and we have those translated into eight different languages. We update them regularly, which almost no other security guide does. Everything has a date on it that tells you when, you know, this advice is good as of this date, and we translate it into languages.
[22:46.940 --> 22:52.020]  So the Internet, in addition to being global, is not just English-speaking.
[22:54.020 --> 23:14.260]  Thank you. Another question was, any advice for loosely federated national organizations working to simultaneously prevent doxing while preserving accountability, i.e. doing IAM for an organization where the national may not know or want to know all of the local's members?
[23:15.820 --> 23:38.420]  Yeah, I could take that one. So it's a really interesting question. I'd want to know a lot more of the specifics before giving any kind of concrete advice, but I will say loosely federated national organization makes my ears ring a little because the EFA is a national organization of a network of people coordinating efforts.
[23:38.420 --> 23:58.420]  So I think there's probably a lot of overlap. If you went to EFF.org slash fight, we have some really useful toolkits. So I think some sample suggestions would be establishing basic principles on the onset and maybe writing up like a simple mission letter and having those groups sign on to it.
[23:58.420 --> 24:16.540]  I think where it probably diverges a bit is if you don't necessarily want to know the individual federated instances, particularly closely, that on our end, it's really important to build those kind of intimate relationships with our members and find these kind of intersections.
[24:16.540 --> 24:33.900]  So maybe finding another way of communication among maybe more anonymized communication among the members of the Federation. So those are some things that come to mind. Definitely check out the toolkits. It's not exactly the same as coalition building, but I definitely see some overlap there.
[24:38.000 --> 25:06.260]  Wonderful. Thank you, Goree. So the next question is from DC201. We are live streaming on the Crypto Barons right now and did a review of the article about California using blockchain to track people's COVID-19 status under a social credit system and a secure record. I want to hear straight from you guys your take. Keep up the good fight. Alexis, you've been working on immunity passport issue. What do you have to think about this?
[25:07.680 --> 25:29.860]  Yeah, so actually the immunity passport work came directly from this bill. The bill in reference is AB2004. And that's been in play for a while and the EFF opposes it for several reasons. One of it is the fact that it's using a techno solution based practice towards a very, very loose dynamic situation.
[25:30.640 --> 25:55.820]  Verify credentials, which is the technology mentioned in the bill, is for more static purposes and also immunity passports isn't something that is actually normalized for the general public to enter buildings, to enter their job, to enter venues or public spaces. This is not a practice that's been in play and the history in the United States with immunoprivilege isn't a good one.
[25:55.820 --> 26:13.220]  So if you go back and look at the yellow fever in that position, you'll see that the United States has a very bad track record of handling immunoprivilege when you have a certain amount of population who can't exactly get testing at equal rates as other people in the population.
[26:13.220 --> 26:27.100]  So not being able to update your status as much. We don't know, according to health experts, exactly how COVID works still. People are getting reinfected. There's other people out there with COVID who may be asymptomatic.
[26:27.100 --> 26:50.780]  And we don't know how the antibody testing will be handled in the future. So rolling this out as a techno solution, using blockchain for the verified registry and a verified credential isn't necessarily something that calls to arms where you're building up something with a technology that claims it's going to be very secure and very straightforward, but at the same time, this is not a straightforward time.
[26:50.780 --> 27:05.020]  COVID and immunity isn't a straightforward practice at the moment. So trying to build up something and say just because we're using encryption and just because we're using a secure tool doesn't necessarily mean the tool itself is good or the credential itself is good.
[27:05.020 --> 27:23.360]  Basing people's immunity into a shared health credential with law enforcement or their employer puts people in very precarious positioning in our general public and that can exacerbate already the inequities that we have seen exacerbated during this pandemic.
[27:23.360 --> 27:39.120]  And this would just add to the pile of inequities we have seen by making something like this the standard when we don't have, we don't even have a plan on like how we're going to handle sending kids to school.
[27:39.120 --> 27:56.180]  So like being able to roll out something as COVID immunity passports, we're using blockchain. It's a very techno solution, Silicon Valley approach to something that we cannot just roll out something or an app or a technology and say we saw the pandemic, everybody go out and have a good time. That's not how this works.
[27:56.180 --> 28:11.800]  So that's our take generally on it and we oppose this bill still and you will see more recent blog posts if you go on to the site and going over that again. We've written several times on this and hopefully they listen. And generally, I just want this bill to die.
[28:11.800 --> 28:31.280]  And I don't want to see anything go through with this because I just don't think immunity passports or verified credentials or using blockchain for a verified registry is the solution to this. We're going to need a multifaceted policy-based approach to this pandemic and we can't leave it up to, oh, we use blockchain, everything's fine.
[28:37.280 --> 28:51.440]  Thank you. And the next question is, what type of rhetoric do you think the forced selling and restriction of TikTok and other Chinese apps will set? Will network sovereignty be a philosophy we will have to fight in the near future?
[28:51.440 --> 29:13.840]  So as it happens actually right before this, Eva and I were working on an op-ed to talk about the TikTok ban. And we've been actually looking very closely on the ban on TikTok and also on Tencent, the makers of WeChat, and also things like League of Legends and a 40% owner of the owners of Fortnite.
[29:14.520 --> 29:43.100]  So this is a very, very hot issue here. And I think as far as from a legal and constitutional perspective, this ban is extremely troubling. The sanction authority that the president has invoked here has an exception for communications, including a implicit prohibition of communications, and a ban that would stop people from using TikTok would be exactly that.
[29:43.100 --> 30:09.400]  It seems to be outside the statute. But perhaps more importantly, on a constitutional level, it is banning a means of expression that the power to say, you know, unilaterally with an executive order that the president could say, you can't use this particular communication channels anymore, you can't speak to the audience through that channel, has tremendous implications for free expression.
[30:09.400 --> 30:26.680]  And it goes beyond what should be tolerated. Now, I understand like a lot of people also are concerned about, well, D, you know, but TikTok, they're gathering a lot of data, they've had some privacy scandals. But I'll turn to Eva to talk a little bit more about the privacy and security concerns.
[30:29.050 --> 30:50.430]  So I'm not going to get up in front of everybody and tell you TikTok is totally safe. I will tell you that for the most part, it uses the same permissions and has many of the same security and privacy vulnerabilities that you see with similar social media apps.
[30:50.430 --> 31:09.730]  The only difference is that TikTok is located in China, they are owned by a Chinese company, they have employees in China. They say they do not keep any US data in China. But the real question is, how much do you trust TikTok?
[31:09.730 --> 31:35.150]  Is this what TikTok would say even if they were keeping US data in China, even if they were handing over all of the US data directly to the Chinese government? And I, for one, don't trust the Chinese government very much. Having said that, we are deeply opposed to the idea that the president should be able to ban an app via executive order.
[31:36.150 --> 32:03.990]  There are a whole lot of legal problems with that. And it really sort of eclipses any kind of real conversation that we should be having about data sovereignty. Because after the Snowden allegations, one of the very first things that happened was the European countries started working on eventually becoming a GDPR and talking about data sovereignty in a much more serious way because they felt that they couldn't trust US companies
[32:03.990 --> 32:28.790]  to not hand over data to the NSA. And they're right. And we should not be hypocrites who think that it's not okay for companies to hand data over to governments, unless it's ours, in which case it's totally fine. You know, we have rule of law and human rights and stuff. My willingness to believe in our rule of law and human rights is increasingly strained.
[32:30.130 --> 32:55.930]  So I think, yes, we are going to be talking about data sovereignty. And one of the biggest problems we're going to have is that we are going to find ourselves battling xenophobes, people who are appealing to nationalism and to sort of anti-Chinese hatred as a way of knocking out the competition or lashing out at people who are not like them.
[32:55.930 --> 33:21.490]  There are real concerns about TikTok, but these are not the concerns in question. The people who should be really concerned about TikTok are the people who are worried about having their data fall into the hands of the Chinese government. So if you are a Uyghur, if you are a protester in Hong Kong, if you're friends with a protester in Hong Kong, if you're a journalist who wants to protect your sources, and you have sources that are of interest to the Chinese government,
[33:21.490 --> 33:41.530]  if you're a COVID-19 researcher or a Fortune 500 executive who is worried about having the IP for your company stolen, then, yeah, you should really be concerned about TikTok. But a full ban is absolutely not the answer.
[33:44.070 --> 34:05.950]  All right, thank you. And just to add on to that, one of the aspects of this is it's balkanizing the Internet. It's sort of the notion of that there will be apps per country. And this is something that is very concerning. One of the benefits of the Internet is that it is a worldwide forum.
[34:05.950 --> 34:31.970]  I can see people's real concerns about the privacy and security of data in other countries. And whether it is, as he was saying, the European Union was concerned about data in the United States. Brazil has been concerned about data in the United States. Of course, sometimes, I think like in the case of Brazil, it's not because they want to protect that data from themselves. They actually want the data locally, so they can be the ones spying on it instead of the NSA.
[34:32.470 --> 34:50.370]  And I think the better solution to all of this is to just worldwide have protections against massive spying. Now, that is a hard job. It will take policy, it will take law, it will take technology. But the ultimate goal, I think, is to have a worldwide Internet that also has safeguards to protect privacy.
[34:50.370 --> 35:04.230]  All right, we'll get on to the next question, which is, what is EFF's position on spyware, such as ProctorU, currently being forced on students for exams in some North American universities?
[35:05.290 --> 35:07.850]  Hannah, did you want to introduce that topic?
[35:07.850 --> 35:27.850]  Sure. Of course, and I know others will have stuff to say about ProctorU and other types of software like ExamSoft as well. But of course, what ProctorU and ExamSoft and all these types of software do is very concerning. Student privacy is incredibly important, especially since students...
[35:28.630 --> 35:44.770]  The example I believe the questioner gave is at universities, in which case most of them are likely to be over the age of 18. But we know that some of these are also used in classrooms where the majority of the students are under the age of 18.
[35:44.770 --> 36:12.750]  And that carries a lot of implications for their rights and what consent really even means in those situations when they're consenting to having their privacy invaded or to installing these apps and using them. It's also important to remember that these, just these programs, nefarious as they are, are not the first instances of how student privacy has been invaded.
[36:12.750 --> 36:25.870]  We know that students use a lot of school-owned and school-issued devices, and we really encourage robust protection for their privacy for their uses of even school-owned devices.
[36:25.870 --> 36:55.850]  This is just another example, I think, of invading the privacy of students, the ever-increasing encroachment into their private lives by having these software. And of course, some of these so-called software's functionalities are really the type of Trojan horses and spyware that we really rail against when they are from other companies and not ExamSoft.
[36:55.870 --> 37:29.100]  And so, again, this is just another example of how students use a lot of school-owned and school-issued devices, and we really encourage robust protection for their privacy.
[37:29.100 --> 38:00.190]  And so, again, this is just another example of how students use a lot of school-owned and school-issued devices, and we really encourage robust protection for their privacy.
[38:00.650 --> 38:14.530]  Yeah, and I just wanted to quickly plug, we have a blog post recently about this on our website called University App Mandates are the Wrong Call, written by some of our colleagues. And it brings up some really important points I want to echo here.
[38:15.210 --> 38:41.350]  One of the main things is these mandates, not just for crock-tarring apps, but for contact tracing and things like that, make a lot of assumptions about students that are problematic. For example, assuming their devices, a lot of these only work on Windows and macOS. Plenty of Linux users or even Chromebook users have complained about not being able to take their class because of those restrictions.
[38:41.350 --> 39:08.370]  There's also plenty of concerns about accessibility. For example, when students have screen-reading software, it can become an issue to use these tools. And then just the broader issue of having reliable broadband and schools not offering an alternative to these online crock-tarring solutions. And then more broadly, it goes against all the stuff of open education that we know and love. Education should be easy and not infringe on your other rights.
[39:08.370 --> 39:28.370]  To quote the blog real quick, universities should strike down any app mandates and should pledge to not include them in future student commitments. It's something that a lot of EFA student groups have reached out about so far. So I really encourage you to also reach out. It's something I'm very interested in pursuing.
[39:31.290 --> 39:51.190]  Great. So another question we had was about... it's also on the international front. It was about whether there's an EFF affiliate in Canada. And so we're actually going to give you some background. Once upon a time in the mists of past, there were international electronic frontiers affiliates.
[39:51.190 --> 40:18.470]  And in the 90s, the early years of EFF, we moved away from having an affiliate model. But we didn't kick people out, tell them to stop using the name. So there actually are a couple of electronic frontiers affiliates left. There's electronic frontiers Finland, I think is probably the most active chapter. There's also an electronic frontiers Australia, and I believe Italy is still somewhat around.
[40:18.470 --> 40:32.230]  But we do not have an actual affiliate in Canada. But there are a number of organizations in Canada that we have worked in. I think Eva, you've worked a lot with some.
[40:34.270 --> 40:50.250]  Citizen Lab, were you able? Yes. So the two that I was about to suggest are CIPIC and Citizen Lab. Citizen Lab is based out of Toronto, and they're all academics and security researchers. Highly recommend. We put out some research with them. They're great.
[40:50.730 --> 41:01.510]  And CIPIC mostly does law and policy, which is good because the law and policy in Canada matters just as much as it does in the United States.
[41:01.510 --> 41:04.310]  This is really important to us.
[41:09.380 --> 41:16.960]  Very good. So another question we have in here. How does the US approach to privacy legislation impact your work?
[41:17.280 --> 41:28.320]  I mean, sometimes it is the work, but is there any hope that it may be changing in the next five to 10 years? Is there realistic hope for any more GDPR style approach in the US?
[41:29.180 --> 41:32.020]  Hannah, do you want to talk about eCPA and CALECPA?
[41:32.020 --> 41:47.880]  Sure. So I don't know if there is any realistic hope for a GDPR style federal legislation, given the type of gridlock that we see currently in DC.
[41:47.880 --> 41:55.920]  It doesn't seem like that kind of tension that prevents something like GDPR being passed will really dissolve anytime soon.
[41:55.920 --> 42:04.740]  But what we know is that it is effective on a state to state level. So we do have the federal eCPA, which is Electronic Communications Privacy Act.
[42:04.740 --> 42:10.340]  And it's supposed to protect electronic communications and the stuff that you send.
[42:10.340 --> 42:19.920]  It is not nearly as protective as, for example, CALECPA, which is the California version of the bill.
[42:19.920 --> 42:26.600]  And now the California law, CALECPA, is much more protective because it also provides a remedy.
[42:26.600 --> 42:42.700]  That is a right for the person whose information has been wrongly collected in violation of this law to challenge it and have that information suppressed, deleted, which is not something that the federal law offers.
[42:42.700 --> 42:48.760]  A thing that we always joke in lawyer circles is you will have all these laws that have rights.
[42:48.760 --> 42:53.280]  But when they are violated, the laws don't tell you what you get to do. You don't get money.
[42:53.280 --> 43:00.760]  So, for example, if you were wrongly convicted, you don't get any money from the state for the years that you spent in prison.
[43:00.760 --> 43:07.700]  So you can have all these rights, but that doesn't mean that those rights come with ways to enforce them and to effectuate them.
[43:07.700 --> 43:22.360]  And that's why something like CALECPA is such a monumental law. First of all, California being the largest or most populous state in the U.S., it affects a large number of people.
[43:22.360 --> 43:27.180]  Second, obviously, the tech industry is centered in California.
[43:27.180 --> 43:33.580]  And third, because it is the most protective law in the United States of its kind.
[43:33.580 --> 43:51.020]  It requires that the government, any branch of government, so not just law enforcement, but any government entity, to have to comply with certain regulations in order to collect electronic data.
[43:51.020 --> 44:02.400]  They can't just, you know, pass a law that says, okay, from now on, we can collect, you know, for example, schools can collect all this information about students.
[44:02.400 --> 44:05.080]  There was some discussion on that.
[44:05.080 --> 44:26.360]  And we actually have a case right now regarding CALECPA because the city of L.A. passed a law where it required all the scooter rental companies to provide real-time and historical movement data of every single one of their scooters.
[44:26.360 --> 44:30.160]  And we are challenging it as a violation of CALECPA.
[44:30.160 --> 44:35.740]  So it really demonstrates that privacy legislation can work on a state-to-state level.
[44:35.740 --> 44:43.500]  So it's still very important to vote for your state representatives, your state assembly people, and your state senators.
[44:43.740 --> 44:58.440]  And even if the D.C. will never see, or it is unlikely that D.C. will ever see a GDPR-style law in the near future or foreseeable future, it's still something that you can get passed on the state level.
[44:58.440 --> 45:08.480]  Especially one where there may be state legislators who are interested in protecting this kind of thing.
[45:10.220 --> 45:17.000]  All right. I'll just add a little bit on the CCPA, the California Consumer Privacy Act.
[45:17.000 --> 45:21.860]  So what Hannah was talking about with ECPA is privacy mostly vis-a-vis the government.
[45:21.860 --> 45:35.040]  But there also has been a consumer privacy law passed in California, which provides certain rights that are like GDPR.
[45:35.040 --> 45:39.060]  It has a number of exceptions for smaller businesses.
[45:39.280 --> 45:43.720]  It is probably not considered to be as strong as the GDPR.
[45:43.720 --> 45:46.200]  It's not nationwide, of course, just in California.
[45:46.200 --> 45:53.060]  On the other hand, a lot of the tech companies are in California, meaning that it does have a big effect on that industry.
[45:53.500 --> 46:05.720]  Now, what's going on there is that the law went into effect at the beginning of this year, but there's also a proposition on the ballot in California that would replace the CCPA.
[46:05.840 --> 46:14.340]  So I guess we will find out in November whether the CCPA will continue or will be replaced with something else.
[46:15.340 --> 46:23.720]  And I totally agree that the GDPR-style thing at the federal level seems unlikely, at least for now.
[46:23.720 --> 46:42.040]  Though one effect of the state-by-state process is if, as often happens, different states come up with different rules, that puts additional pressure on the companies to abide by the various rules.
[46:42.040 --> 46:47.300]  And they become perhaps more receptive to having a national standard.
[46:47.300 --> 47:01.380]  On the other hand, they will also, especially if they're like data brokers and such, will want to lobby to make sure that those national standards are a ceiling, while the privacy advocates would like to have the national standards be a floor.
[47:01.380 --> 47:16.020]  That could become all the more important to be involved, which I think actually you can be involved through the EFA. Rory?
[47:18.290 --> 47:23.770]  Yeah, if you're interested in being involved, please reach out to organizing at EFF.org.
[47:23.770 --> 47:38.910]  We're always excited to have more organizations join the network. But also, if you're not directly related, if your group's a little tangential, but would like to be put in touch with another EFA group that is in the organization, you can see a list of them at, again, EFF.org.
[47:39.870 --> 48:00.510]  Or email us and we'll put you in touch with some local advocates and get you involved. Again, base building, the more people on our side, the better. And especially for local issues, the EFF is only so many people with so many resources. EFA groups really help us address these really local issues as well.
[48:01.870 --> 48:19.370]  And so there's lots of actually ways that you can get involved with EFF. So there's the EFA route, you'll get to meet the EFA. And we'll start that in about 10 minutes. There's also the Action Center, act.eff.org. You can go there and we'll try to help you get your voice heard.
[48:21.610 --> 48:31.390]  And you can also get involved, a lot of you in this audience are probably coders, and you can get involved directly with our open source projects. Alexis, you want to speak about that a little bit?
[48:31.390 --> 48:45.190]  Yeah, sure. There's several projects that we have right now that definitely, you know, we're always open to people contributing certain things, especially when you have a certain fringe case that you feel may apply to others.
[48:45.190 --> 49:00.750]  When you bring things like that up in the repo, we pay attention, and we do our best to try our best to actually accommodate these scenarios and cases because we know people who use our tools are trying to stay safe online and private online.
[49:00.750 --> 49:08.910]  So there's HTTPS Everywhere. That's a project that I'm the lead on. And we have Privacy Badger, which is another web extension that you all may use.
[49:08.910 --> 49:17.710]  And we have CertBot, and we have Panopticlick. I don't think Panopticlick is open source, actually. It may be, but it's another tech project that we have.
[49:20.350 --> 49:22.510]  People can find this all on GitHub, right?
[49:22.510 --> 49:35.730]  Yeah, GitHub. And if you go on EFF.org under tools, I believe there's a whole menu that lists our tools that we have and the ways you can use them and how you can download them for yourself or get involved.
[49:35.730 --> 49:45.330]  With HTTPS Everywhere in particular, we have community sourced rule sets for sites out there that may support HTTPS.
[49:45.330 --> 50:02.730]  And a lot of those sites don't actually enforce it, as you may know. So a lot of our rules tend to those scenarios in particular. But if you could contribute to those projects and actually be able to contribute quite a bit of pull requests, we pay attention.
[50:02.730 --> 50:17.890]  So people on HTTPS Everywhere project, actually, when they contribute over a certain amount of time, we tend to ask them to be rule set maintainers. And those are a higher level privilege of maintainers that help us in the repo and work together with us in the actual organization.
[50:17.890 --> 50:26.270]  And we actually coordinate with our maintainers in HTTPS Everywhere. I can't speak to every project, but that's kind of like a little bit of how you can get involved.
[50:27.330 --> 50:45.530]  All right, super. So another question we got here. Can I get free EFF swag like stickers? Well, we are a nonprofit organization. We are supported by people like you who help donate to keep the organization going.
[50:45.530 --> 51:05.850]  And so we ask that people make a donation, and then we thank them for that donation with wonderful swag like stickers. But at fairly low donation amounts, you can get some amazing stickers at supporters.eff.org or just go to the website, the donate page.
[51:06.670 --> 51:26.250]  And, you know, those costs, especially now when we can't be in person at DEF CON and just hand something to somebody, we have to ship it to you and such. So I think it would be great if you want to get some of those stickers. We'd love for you to have them. But if you just pop by the website and give a donation, we'd be happy to set you up.
[51:28.150 --> 51:42.930]  And let's see, there's another question here. What kind of risks do non-California consumers have when posing as a Californian in hopes they could get CCPA rights?
[51:42.930 --> 52:02.930]  I think in a lot of cases where you're asking to say I remove my consent or you're asking for the information, you can do that without really saying where you are from. And it probably would work out. But, you know, I can't recommend that you lie. You know, I can end up getting to a weird place later.
[52:02.930 --> 52:25.290]  But you can probably get pretty far with just filling out the forms, saying you do not consent. And it is, I think, for a lot of the companies that are trying to be honorable about this, they are applying it on purpose, applying it to everybody.
[52:25.290 --> 52:44.010]  This is more difficult for them to differentiate between one database and the other of California and non-Californians. Especially if you're a non-California, but you happen to be in California, you're still protected by the California law. It looks like if you're an American citizen and you are in the European Union, you are protected by the GDPR.
[52:44.010 --> 53:02.890]  So it is a lot better for the companies. And I urge them to all to just try and be cool about these requests. And if somebody says, I withdraw my consent and you are relying upon that consent for processing their data, maybe stop. That would be like a nice thing to do and not be a jerk about.
[53:04.260 --> 53:33.740]  All right. So what other questions? Any biometric data laws like Illinois' brewing in other states? So Illinois, they had a biometric privacy law. There was recently a, I think it was proposed 600-ish million settlement against Facebook for violating the Illinois biometric law, which is a, you know,
[53:34.440 --> 53:59.280]  Facebook makes a lot of money, but you know, still 600 million. So you'd notice, you know, you still got to write it in up in the annual report. So it turned out to be a very powerful law, that case. And also that law is being used for a suit against Clearview, the company that scooped up all the photos they could find online to make a massive facial recognition database.
[53:59.280 --> 54:10.080]  But I actually don't know, does anybody know if there are any similar bills moving forward outside of Illinois?
[54:13.500 --> 54:18.280]  I guess not. We don't have a member of the ledge team on today's program.
[54:18.280 --> 54:40.240]  So one of the things that we have seen a lot of for biometrics is facial recognition bans. These are usually at the municipal level. So there's a lot of municipalities that have banned their governments and especially their police departments from using facial recognition.
[54:40.360 --> 54:46.300]  And a lot of the EFA groups have been supportive of that effort.
[54:46.300 --> 55:06.320]  And this is, yes, CCOPS is the general name of it. Community Control Over Police Surveillance Ordinances, which is basically the idea that the elected representative, the city council, should have control over what surveillance techniques are being used or should never be used against their citizens.
[55:06.320 --> 55:27.020]  And with, you know, all the police departments getting pressure to add more surveillance, getting funding from DHS to buy more surveillance, getting deals proposed by companies like Ring to get more surveillance installed by the consumers, it's very important to have these kinds of ordinances.
[55:27.020 --> 55:45.380]  And again, the EFA has worked a lot with that. So maybe this makes this a wonderful moment to begin our transition over to the Meet the EFA portion of our program tonight. So I would like to please join me in thanking our panelists, Hannah, Rory, Eva, and Alexis.
[55:46.020 --> 56:06.540]  It's been wonderful doing another Ask the EFF with DEF CON again. I miss you all so much. I wish I was there in person to say hello to you all. Indeed, indeed. But we will hopefully see you next year. And thank you. And then panelists, you want to say any last comments?
[56:09.650 --> 56:10.250]  Thank you.
[56:10.250 --> 56:15.910]  All right. Well, let's do the transition to the Meet the EFA panel.
[56:16.610 --> 56:31.010]  Hello. Thank you, Kurt. And thanks to all of you. So yes, I'm Nash. I am the Associate Director of Community Organizing at the Electronic Frontier Foundation, where I lead the organizing team. Rory joins me also as well as a member of the organizing team.
[56:31.010 --> 56:39.450]  And we help coordinate the Electronic Frontier Alliance, which is a network of over 70 community and student-led and grassroots organizations around the country.
[56:39.450 --> 56:56.890]  So before we jump into that, I would just first join everyone else. Everyone in the chat has been really excellent about it. I also want to join them in thanking Alexis and Rory and Hannah and Eva and Kurt for everything that they shared. It's really an honor to work alongside inspiring folks like you and the rest of our colleagues at EFF.
[56:56.890 --> 57:11.790]  I also want to thank everyone here who supported EFF. I see in the chat, there's lots of folks that are talking about, you know, the different swag and donations and support that you've given us throughout the years and that hopefully we'll continue to do the work that inspires you to do that going forward.
[57:11.790 --> 57:19.550]  So thanks to all of you for the last 30 years and in advance for your support as we continue to fight for digital rights and free expression for decades to come.
[57:19.550 --> 57:36.810]  And with that said, one of the things that I enjoy the most about my role at EFF is supporting grassroots and student-led organizations around the country that are working to preserve digital rights in their communities and empowering their neighbors with the information that they need to make informed choices about the way they interact with technology and the Internet.
[57:36.810 --> 57:54.770]  So in this next portion of our time together, we're going to speak with representatives of four Electronic Frontier Alliance-affiliated groups. And then I think that the folks that are joining now would agree with me when I say that the work that they do isn't easy work, but it's work that all of us can be engaging in wherever we are.
[57:54.770 --> 58:08.390]  It's great, folks like Eva and Kurt and Alexis and Rory, you're all brilliant experts that are doing inspiring work. But really, all of you are the experts in what the potential is and the ways to support and the threats in your own community.
[58:08.390 --> 58:22.490]  So I hope that in addition to learning from the folks that we're going to hear from now, it may also inspire you to either join into the work that's already happening if there's a group in your community, or to launch a group that could also be joining them in that fight based in your area.
[58:22.490 --> 58:37.430]  So welcome to the Meet the FAA portion of our session. And first person I want to introduce is Tracy Rosenberg. Kurt spoke a little bit about community control over police surveillance, and the local bans that have been passed on face surveillance.
[58:37.450 --> 58:51.910]  And Tracy is, in addition to being the Executive Director of Media Alliance, is a member of Oakland Privacy. And Oakland Privacy was instrumental in passing some of the first and some of the strongest community control over police surveillance bans, as well as bans on face surveillance.
[58:51.910 --> 59:09.470]  And so, yeah, so Tracy, Oakland Privacy really has a remarkable origin story, as well as a unique organizing model and stunning list of successful campaigns. Can you tell us a bit about Oakland Privacy's mission, and how the group was formed, and maybe divulge a little bit of the secret sauce that makes Oakland Privacy so successful?
[59:11.190 --> 59:27.930]  Absolutely, Nash. First of all, I just want to say I'm sorry, my camera's acting up. So I'm going to go ahead and say a couple of things, and then hopefully I'll be able to see everyone in person as we work through the panel. Sorry about that. I don't know. Technology.
[59:28.470 --> 59:48.210]  So Oakland Privacy was originally the privacy wing of the Occupy Oakland encampment, which as some of you probably know, is a fairly militant and fairly late Occupy encampment back in 2011.
[59:49.210 --> 01:00:02.510]  Folks were basically wanting to sort of understand all of the equipment and devices and technology that was being used on them by the very many police that were in the proximity.
[01:00:02.510 --> 01:00:14.850]  Once Occupy Oakland broke up, you know, you can never be too paranoid because we were doing PRAs and taking a look at stuff.
[01:00:14.850 --> 01:00:34.790]  And we found a Homeland Security project called the DAC or Domain Awareness Center. It was a citywide surveillance gauntlet that essentially was about 30% of the way implemented and nobody knew that it was going on at all.
[01:00:34.790 --> 01:00:49.790]  We mobilized the entire city. We stopped it in the spring of 2014. And then we devoted ourselves to trying to make sure that nothing like this would ever happen again here or anywhere else.
[01:00:49.790 --> 01:01:16.290]  So we were talking a bit about CCOPS ordinances. And basically, we've been trying to implement that framework, which allows for reporting and consent, and when necessary, bans. And we are at about 11 or 12 cities nationwide. And I believe the 11th facial recognition ban just went into place last week in Portland, Maine.
[01:01:16.290 --> 01:01:36.130]  Awesome. I'm so eager to learn. There's so much of that I want to dig more into. But first, I want to make sure we get a chance to speak with the rest of our panelists. And so the next person I want to introduce is Elliot from Cypert Collective. And Elliot is a motion artist and a creative coder who works in interactive fabrication and large-scale immersive experiences.
[01:01:37.210 --> 01:02:01.390]  And Elliot blends visual work with an interest in mutual aid, security, and privacy online. And so it's funny, in Elliot's bio, it also mentions that Elliot is based in Brooklyn. Cypert Collective is one of the earliest members of Electronic Frontier Alliance, and they're based in Brooklyn. But I always think, as someone who's also from Brooklyn, I always think it's funny how, you know, when you're... it doesn't take very long to know when someone is from Brooklyn, because they tell you almost immediately.
[01:02:01.390 --> 01:02:15.890]  And so I want to welcome Elliot to the panel here. And so thanks for representing Brooklyn, and thanks for all of Cypert Collective out there doing work to inform folks and give them the information that they need to make informed choices in their technology.
[01:02:16.090 --> 01:02:23.350]  And we're all gathering right now in safe mode today because of the need to protect ourselves and our communities from the global pandemic.
[01:02:23.350 --> 01:02:33.710]  But in normal non-COVID times, Cypert Collective puts on a range of workshops, socials, and other events. Elliot, why is that? Why not just stick to one format?
[01:02:34.370 --> 01:02:40.170]  Well, I guess I should start by saying that I am from Brooklyn. Now that we've gotten that out of the way.
[01:02:40.170 --> 01:02:41.650]  Brooklyn is in the house.
[01:02:41.650 --> 01:02:57.730]  Yeah. It's the least I could do. So to your question, I think that, you know, a big part of Cypert's mission and what we've been trying to do over the last few years is to make security accessible to everyone.
[01:02:57.730 --> 01:03:14.630]  And I think that that is key to why we have so many different types of events. Because, you know, we're trying to rather than kind of present one way to learn about security that some people might... it might work for some people and it might not work for others.
[01:03:14.630 --> 01:03:20.250]  We want to have... we want to be able to meet people in the way that they're comfortable.
[01:03:20.250 --> 01:03:34.370]  And I think that part of that is having a lot of events so that we can teach in ways that people are comfortable learning and also to kind of, you know, bring a social aspect to security and try and build a community around it.
[01:03:34.370 --> 01:03:44.550]  I think all of which makes it easier for the average person to feel comfortable with and then being comfortable start to educate themselves about security.
[01:03:45.330 --> 01:03:54.290]  Absolutely. I couldn't agree with that more. And so, next I'm going to introduce Abhi. And Abhi is with Black Movement Law Project. We use the abbreviation BMLP.
[01:03:54.290 --> 01:04:09.750]  And in full disclosure, Abhi and I have worked together for a number of years. And in fact, after years of doing legal support work in a range of contexts, Abhi, also International Human Rights Attorney Nicole Lee and myself started BMLP to support the building of Black-led legal support infrastructure in the US.
[01:04:09.750 --> 01:04:19.130]  And it was actually Abhi's idea, way before I joined the team at EFF, for BMLP to join the Electronic Frontier Alliance and for us to do our first round of digital security workshops.
[01:04:19.330 --> 01:04:27.830]  In addition to work with BMLP, Abhi is an attorney and technologist. He's currently a partner at O'Neill and Hassan LLP, a law practice focused on indigent criminal defense.
[01:04:27.830 --> 01:04:43.550]  And prior to his work with BMLP and some of the other work that he's engaged in right now, he was the Mass Defense Coordinator at the National Lawyers Guild. Shout out to National Lawyers Guild and all the work that they're doing across the country to support folks that are raising their voices to call for justice and an end to police violence.
[01:04:43.850 --> 01:04:55.310]  And Abhi has also worked as a political campaign manager and strategist, union organizer, and community organizer. And Abhi conducts trainings, speaks, and writes on topics of race, technology, injustice, and the law.
[01:04:55.310 --> 01:05:05.110]  Now, Abhi, a lot of the EFA groups fit into one of three boxes, or some of them span, like Lucy Parson's lab does digital security trainings, as well as advocacy work.
[01:05:05.390 --> 01:05:13.510]  But those boxes generally fall into ones that are popular, like Cyber Collective, that focus on popular education about technology and privacy.
[01:05:13.630 --> 01:05:20.590]  There's also Hacker Spaces. I know there's folks in the chat right now from Crash Base in Los Angeles. Thanks, y'all, for joining us and all the work that you're doing out there.
[01:05:20.590 --> 01:05:29.250]  And then there's also the Hacker Spaces, where folks are sharing tools and skills and resources, and obviously the advocacy groups like Oakland Privacy.
[01:05:29.330 --> 01:05:39.110]  But BMLP is a bit of an outlier. As the movement is changing, and what are some of the ways that movement law can expand to meet the need of growing social movements?
[01:05:39.110 --> 01:05:51.650]  And why is, for a group like BMLP, that is focusing on, you know, providing legal support infrastructure to support folks that are engaged in first amendment protected activity, why is digital security and privacy important?
[01:05:51.650 --> 01:05:55.610]  How did that become such an integral part of your work?
[01:05:58.090 --> 01:06:04.250]  Yeah, so, yeah, thank you, Nash. Thank you for the very nice introduction.
[01:06:04.250 --> 01:06:21.970]  Look, I got to preface this with saying, none of us know what we're doing, right? We're in an unprecedented moment where we all have to rethink and be on our toes and be flexible in how we're engaging with everything, right?
[01:06:21.970 --> 01:06:42.170]  And so that, you know, that's my disclaimer, but like, you know, as far as the work that we've done, you know, we, like, as you mentioned, started doing this kind of legal support movement, legal support work, specifically, you know, in 2015-2016.
[01:06:42.170 --> 01:07:09.830]  And we just, you know, responded with kind of the grassroots calls we got for, I mean, we joined the EFA because people were asking us about digital security. And so we had to develop a digital security plan. We partnered with EF, with EFF and helped with, you know, EFA and all of the, like, really great work that EFF has been doing to build on that digital security training infrastructure.
[01:07:09.830 --> 01:07:36.930]  But like, now we're in this point where it's like, you know, I want to, I think that that space of digital security training has grown. And like, you know, because of CYPR, EFA, EFF and other organizations, it's like, that space has grown. And I think that we need to also start expanding what we're doing as movement technology people, like, and start thinking bigger, right?
[01:07:36.930 --> 01:07:59.870]  Like, also, like, we need to do that, that kind of core organizing work and that core digital security work. But I think we also need to think about how we're building at a different level, movement infrastructure, how we're building at a different level, the types of, you know, how we incorporate technology in a holistic way with how we build movements.
[01:07:59.870 --> 01:08:27.910]  And like, that is more than that, that is a big project. And so that's kind of where I see us going, where we're like, not, we're thinking about how we can build mass scale infrastructure and how we can, and how we can engage just at different levels more than just that digital security level.
[01:08:27.910 --> 01:08:34.510]  And so that's kind of where I want to see us going. And that's what I hope BML can be part of building.
[01:08:34.790 --> 01:08:47.010]  Yeah, and I appreciate, you know, speaking of in terms of movement and encouraged in terms of the ways that that work is essentially to support work that people are doing to knock down systems, you know, traditional systems of marginalization and oppression.
[01:08:47.410 --> 01:08:55.790]  And that part of that is making sure that they're able to keep their information and their communication secure and that technologists are communicating in effective ways with the folks that are doing that work.
[01:08:55.790 --> 01:09:08.370]  In keeping with that, actually, it's a great opportunity to introduce Emily St. Pierre, it's really my honor. And Emily is the security ambassador for FutureAda, a Spokane-based nonprofit advocating for diversity and inclusion in STEAM.
[01:09:08.490 --> 01:09:13.430]  I don't think I need to tell folks here, security, technology, engineering, arts and mathematics, this is DEF CON.
[01:09:13.690 --> 01:09:22.250]  For the past six years, Emily has used her experience as an offensive security professional to provide privacy and security education within her community.
[01:09:22.250 --> 01:09:34.350]  Now, through Emily's work with FutureAda, Emily has established free regular workshops and one-on-one technical support to the Spokane community, so folks in Spokane, Washington, definitely look out for FutureAda.
[01:09:34.350 --> 01:09:42.270]  Now, Emily's focus has been to make sure that these resources are explicitly available to underrepresented and under-supported members of the public.
[01:09:42.370 --> 01:09:48.770]  Now, Emily, FutureAda is one of my favorite names in the Alliance, to be honest. Don't play favorites, but it's one of my favorite names.
[01:09:48.770 --> 01:09:56.090]  Can you start off by telling us a bit about the significance of that name and what need in your community FutureAda was launched to address?
[01:09:56.870 --> 01:10:01.750]  Thanks, Nash. I have to say, speaking of favorite names, I love Cypher as well.
[01:10:02.950 --> 01:10:11.430]  So, FutureAda is named after the Countess of Lovelace, or Ada Lovelace, who was a mathematician and a writer.
[01:10:11.430 --> 01:10:21.370]  She's often recognized as the first computer programmer. And FutureAda was founded by my wonderful colleague, Rebecca Long, in 2017.
[01:10:21.990 --> 01:10:38.370]  And so, after facing, you know, many challenges in the industry, in IT, you know, she had a vision to start a nonprofit, which would help promote, you know, diversity and inclusion, you know, within those areas of STEAM, as you mentioned.
[01:10:38.370 --> 01:10:58.230]  And this is all in the hopes, you know, of helping the future Ada Lovelaces of tomorrow, you know, realize their potential, no matter their background, no matter how they identify and present themselves, you know, everyone deserves to be and feel included and to thrive within the areas of STEAM.
[01:10:58.230 --> 01:11:18.610]  Our nonprofit also puts on and participates in events to help promote interest in these areas around Spokane, Washington, and sometimes Coeur d'Alene, Idaho. And my role as security ambassador is really to, you know, first and foremost, promote interest in privacy and security within our community.
[01:11:18.610 --> 01:11:35.230]  And, you know, secondly, to provide access to privacy and security professionals to underrepresented groups, but also, you know, we are open to the general public, because we feel that security and privacy is something that should be available to everyone.
[01:11:36.030 --> 01:12:04.410]  Awesome. Now, Emily, you know, given that we are here at DEF CON, I have a question for you in that, like, what are some of the things in your experience and given your unique perspective, what are some of the things that folks in the hacker community and folks in DEF CON could, like, what are some things you'd like to see them doing and being able to support the work that you're engaged in and some of the other work to give folks the information and power to be able to engage responsibly with their tech and the larger sector?
[01:12:05.230 --> 01:12:17.430]  Yeah, that's a good question. I thought about that a lot this week, you know, and I'd love to see hackers building more bridges with other communities outside of InfoSec.
[01:12:17.430 --> 01:12:47.250]  You know, I've seen amazing projects come out of these types of collaborations, such as, you know, this paper presented at the USENIX Security Symposium last year by Sam Haven, and Haven and other researchers, you know, from Cornell Tech and NYU, they came up with a model where security professionals, you know, are integrated into the support infrastructure, you know, for victims of intimate partner violence.
[01:12:47.250 --> 01:13:01.850]  So they can help, you know, those victims or clients, as they call them in the model, they can help them assess whether or not their devices or accounts are being used or have the potential to be used for surveillance, you know, by their abusive partner.
[01:13:01.850 --> 01:13:11.550]  And we love that model so much at Futurada that we actually implement kind of a version of it to all of our, you know, one-on-one consultations.
[01:13:11.550 --> 01:13:41.250]  And if there's anything I can do to, like, I really want to encourage, you know, everyone who's listening to be a security and privacy advocate, you know, and you can do that by, you know, volunteering, you know, and there are plenty of organizations around you that would benefit from having a professional work with them to help them understand and address their privacy and security concerns, kind of like the example I just talked about, you know, and that can be, you know, your local youth center,
[01:13:41.250 --> 01:13:57.430]  your local shelter, you know, any organization nearby. And if you don't have time, you know, to volunteer, you know, even doing something as simple as having conversations about security and privacy with people around you.
[01:13:57.430 --> 01:14:21.270]  Not only will that be a great opportunity to teach folks about these topics, but it will help you learn about and better understand threat models and privacy and security needs that you may not be aware of. And I really want to encourage everyone to that. So not just help teach, but also help understand and listen.
[01:14:21.970 --> 01:14:36.970]  Thanks, Emily. And so that actually, and one of the things that the Alliance does is creates an opportunity for groups that are working across the country to be able to share skills and tools and resources in that way, so they can be more effective at being that person in their community.
[01:14:37.270 --> 01:14:47.330]  So I think that gives us an opportunity to address one of the questions that came up in the chat, and which is, the question is, can I make my college's cybersecurity club an EFA group?
[01:14:47.330 --> 01:14:59.710]  And I can answer that. And I can say, yes, if you have more than three folks, and you have openly accessible meetings that create an opportunity for folks to connect and support the work that your group is doing.
[01:14:59.770 --> 01:15:09.270]  Obviously, in, you know, before March of this year, that meant like having an opportunity, you know, having a space where folks could come and enjoy a training or meet and connect with folks.
[01:15:09.270 --> 01:15:14.930]  Now we have to obviously be much like, you know, the safe mode of DEF CON, be a lot more creative in how we create opportunities for that.
[01:15:14.930 --> 01:15:24.530]  But I want to ask, so I hope that that's answered the question around, can someone make their college's cybersecurity club an EFA group? Absolutely, reach out to us at organizing at EFF.org.
[01:15:24.530 --> 01:15:33.210]  Check out EFF.org slash fight to find out more about the Alliance. But I also want to, like, kind of rephrase that question and put it out to the panelists here.
[01:15:33.570 --> 01:15:39.170]  And, you know, what were some of the things that, like, why did your group decide to become a part of the Alliance?
[01:15:39.170 --> 01:15:50.050]  And, you know, what was the, what, how did you, how did you, I know it's like cyber collective organizes like very horizontally, right? And so they work in a way that, you know, make sure that everyone's voice is heard in the decisions that they're making.
[01:15:50.090 --> 01:16:04.750]  So I'm curious, you know, what was the, you know, if you have some insight into how your group decided to join the Alliance, but also, like, what are some of the things that the opportunities, benefits and reasons that you might, if someone was asking you if they should join the Alliance, what are some of the things that you would share?
[01:16:04.750 --> 01:16:09.290]  And so maybe I'll start off with you, Elliot, and then we can work around.
[01:16:10.990 --> 01:16:30.510]  So, I mean, I think it's a big topic, but I think that one of the reasons we wanted to join the EFA was to kind of expand upon sort of one of our organizing principles, which is, you know, a big thing that we've always tried to do is be big and have collaboration be an important thing.
[01:16:30.510 --> 01:16:50.590]  So that instead of us just saying, like, you know, we kind of have this knowledge and we're just pushing it out, sort of not so sensitive to the context or accessibility or any of those things, have kind of it be more of a sharing process that allows for a lot of collaboration and allows us to learn as well.
[01:16:50.590 --> 01:17:11.310]  And I think that, you know, the opportunity to join the EFA really gave us an opportunity to collaborate with a lot of other fantastic groups around the country and the world. And so in that way, we saw it as just sort of a natural extension of what we were trying to do at the local level.
[01:17:12.050 --> 01:17:23.850]  Thank you. Tracy, I know Oakland Privacy was in the Alliance before I started at EFF. And so I'm wondering, how did the Oakland Privacy originally become part of the EFA? And what's that relationship been like for y'all?
[01:17:29.270 --> 01:17:41.250]  We may have lost Tracy. I know Tracy was having some problems with the camera. So maybe I'll pass that question to Emily before I've got another great question I want to ask Abby. So I'll pass it to Emily. And then, yeah, what are your thoughts?
[01:17:41.250 --> 01:18:08.550]  Great. So we joined the EFA because we, you know, there's plenty of smart and creative and wonderful people part of the Alliance. And so we knew there was so much we could learn, you know, from other folks and other organizations. And we definitely have. You know, I definitely was not as well-versed in activism until we joined the EFA.
[01:18:08.550 --> 01:18:33.450]  And I've learned of so many different resources, thanks to being a member. And we're also, Oakland, Washington is pretty small. Not everyone knows where we are. Like, we're a pretty small community. And it's really helped us, you know, get our message across and, you know, tell our community about, you know, everything that we offer, the workshops we offer. So it's been really helpful for that.
[01:18:33.450 --> 01:18:48.270]  And along that lines, and finding out more about Future AIDA, keep your eyes out for a blog that I'm going to be releasing soon with a profile on Future AIDA and the amazing work that they do. And so it sounded like, Tracy, you sound like you're back on. Did you want to add, did you want to speak to Oakland Privacy and EFA?
[01:18:49.090 --> 01:19:15.230]  Yeah, totally. I think what's been exciting for us about EFA is just seeing so many models in terms of how people do work. Because the challenge, of course, is that one way or the other, you're a fairly small collective, and you're dealing with these big, heavy, weighty, important issues and challenges.
[01:19:15.230 --> 01:19:43.870]  Really, you know, everything about internet freedom and digital security. It's a huge range of issues. And there's so many different and interesting and creative ways that sort of groups of people get their mind around sort of how to tackle it and how to approach it and what to do first. And EFA is really just like an encyclopedia of what, you know, five or eight or 10 people can come up with in terms of, okay, what should we do first?
[01:19:45.330 --> 01:20:07.510]  Thank you. Yeah. And that's actually, that's the favorite, my favorite part of the job is like working with folks to figure out like what is going to be not, you know, not that like, it's like a one size fits all, like what we did here is going to work there. But like, how do we take lessons that were learned in one area and be able to figure out how they can adapt and be most effective for a different community in the context of that community is working in. So absolutely. Thank you, Tracy.
[01:20:07.770 --> 01:20:11.910]  Avi, I'm going to give you a different question. Did you want to speak to that one? Because I want to give you a different question.
[01:20:11.910 --> 01:20:25.890]  Just real quick. I just want to say that that's really like people who are thinking about joining EFA and getting involved and trying to apply their technical skills to larger political projects.
[01:20:25.890 --> 01:20:38.710]  I think it's crucial to understand that like the skills you develop, if you're actually doing threat modeling, if you're actually doing analysis, you are actually doing a form of political analysis as well.
[01:20:38.710 --> 01:20:51.750]  You are doing an act like if you're doing a good threat model, you are doing a material analysis of the like organizational and institutional opponents to like human freedom, basically.
[01:20:51.750 --> 01:20:58.770]  And so like you really like you, again, I want to warn the tech people, you don't actually know it all already.
[01:20:58.770 --> 01:21:18.670]  But like you have if you've developed those skills, you've developed some insight and the ability to collaborate and coordinate with more overtly political organizations and apply those like actual material reality assessing skills can be incredibly valuable, especially
[01:21:18.670 --> 01:21:26.890]  if you approach it with like a kind of like humility and openness, you know, so that's all I'll say about that.
[01:21:26.890 --> 01:21:37.770]  Yeah, no, that's right. And when you're saying that it made me think about the security education companion, which is like a really an example of a tool that we were getting at EFF, we were getting lots of folks that were asking us, especially, you know, following the last
[01:21:38.150 --> 01:21:44.610]  presidential election cycle, that were concerned about the impact that there was going to have on their communities and want to make sure that folks had information.
[01:21:44.850 --> 01:21:55.090]  And we thought about, you know, what could EFF just like, you know, parachute into different communities and have the answer and be able to provide it. And we realized that that wasn't a responsible or sustainable model.
[01:21:55.090 --> 01:22:09.090]  And so we have, with help of groups in the EFA, have developed the security education companion, which helps folks that are either maybe great teachers and facilitators but need some help in making sure their trainings effectively convey the intricacies of the technology,
[01:22:09.090 --> 01:22:21.090]  or the other way around where they're technologists and need help to be able to adapt their pedagogy skills and what have you. And so security education companion is also great. So if you're in your community and want to be a resource for folks in your community,
[01:22:21.090 --> 01:22:33.010]  that's a great tool and resource. And Abhi, the question that I want to ask you that fits right perfectly on top of that is, how would you recommend, this comes from the chat, and so I'm going to read it the way it's worded.
[01:22:33.010 --> 01:22:45.270]  How would you recommend those of us who may not be members of the communities that most need security, i.e. cis white males, build trust and truly collaborative relationships with communities who most need security?
[01:22:47.750 --> 01:23:04.850]  I mean, you know, that's a tough question. I mean, I don't think there's one answer. I think building off what I just said, it's kind of like, it's really about how you approach the issue, right? Like, what are you, like, again, like, you have something to offer, you have something to learn.
[01:23:04.850 --> 01:23:13.470]  And if you approach things with that perspective, you know, you're going to do much better than if you approach things from the perspective of I know everything or whatever.
[01:23:14.210 --> 01:23:35.050]  But, you know, I think that the name of the game is, is how do we build solidarity, right? How do we build relationships and networks that are collaborative, like across different identities and different communities, right?
[01:23:35.050 --> 01:23:53.690]  I mean, like, if we're all completely siloed forever, we will be divided and conquered. I mean, that is just, that is, like, almost a fact of history, right? So, you know, there's not one simple solution to that conundrum, right?
[01:23:53.690 --> 01:24:15.030]  But I do think that, like, building long lasting relationships, sustaining relationships, approaching the work with humility, approaching the work with, like, an interest in learning and like, but also approaching the work as, you know, it's a hard line, right?
[01:24:15.030 --> 01:24:36.570]  How do you, how do you approach work as an equal, but also recognizing difference, right? That is a hard thing to figure out, because, like, you know, I think that we often get caught up, like, it wasn't allies that won the Civil War, right? It was warriors, it was fighters, right?
[01:24:36.570 --> 01:25:01.610]  Like, we need, like, actual people engaged in actual struggle. We don't need people on the sidelines. But we also don't need people telling us what to do and domineering and dominating conversations. So, you know, being very conscious and open and engaging in that struggle, even internally and with other people and hashing it out and being open and honest about what you don't know.
[01:25:01.610 --> 01:25:11.270]  Like, that's, that's the only, that's all I can say. It's like, constantly engaging, constantly questioning, and constantly building networks and relationships of trust.
[01:25:11.610 --> 01:25:12.590]  Gotcha.
[01:25:12.590 --> 01:25:25.650]  Yeah, I mean, obviously, I've worked, I have worked really closely together and have challenged this question together. And so I absolutely couldn't agree more with what Abhi shared.
[01:25:25.650 --> 01:25:51.830]  Cypher Collective has an interesting thing that they do. And I'm hoping, Elliot, you'll speak a little bit because I think that's one of the things about creating that trust and an opportunity to, for folks to share kind of, like, the things that they're most concerned about and, like, their, and their things that they feel the most vulnerable about is, like, creating a space and an environment that, that, that makes that possible, that helps create a comfortability and an affinity to foster that.
[01:25:51.830 --> 01:26:05.970]  So, and I always, whenever I think about creating that environment, I think about security. And so I'm hoping maybe you'll share a little bit about what that is and why that model is effective that way, if it is effective that way. I think it is, but I want to hear from you. It's your event.
[01:26:05.970 --> 01:26:22.790]  I think it can be effective. And I think security and also a lot of other events that we have, they kind of all share in common that, you know, well, I think the overall topic might be security and definitely is security.
[01:26:22.790 --> 01:26:38.090]  It isn't sort of the only thing that we do. And I think that one of the reasons, you know, like at some points we have security and the whole session might not even be about security at all. And then, you know, we also have movie nights, you know, where it might not even be discussed.
[01:26:38.090 --> 01:26:55.230]  And I think that the reason we do that is to create a community, but I think that something that people should be aware of is that many of us come to security because we find it to be something that's intellectually interesting, or, you know, we have kind of a general moral feeling about it.
[01:26:55.230 --> 01:27:06.550]  But I think that something that's important to realize is that many people come to security workshops, because I guess to put it in the most simple way, they've had something bad happen to them.
[01:27:06.550 --> 01:27:22.990]  You know, it could be, as was mentioned earlier, intimate partner violence. It could be that they feel like the place where they work or the place where they go to school has taken advantage of them or made them feel vulnerable.
[01:27:22.990 --> 01:27:48.710]  And so it's coming from a place where people already have had something happen to them that gives them a problem in trusting people. And so I think that, you know, many of the things that we do that are more social are for fun, but I think it's also sort of, you know, to build an important relationship with people so that they feel comfortable really opening up about, you know, what they're looking for help with.
[01:27:48.710 --> 01:27:56.750]  And so I think that that is kind of why we try and do the range of events that we have to help people feel comfortable and build trust.
[01:27:57.430 --> 01:28:08.890]  Thank you. And so we are at time, but I want to give everyone an opportunity to kind of like leave with their closing message. And so I'm going to go around the way y'all are on my screen, which is Tracy, Avi, Emily, and Elliot.
[01:28:08.890 --> 01:28:24.090]  And so Tracy, I want to give you an opportunity, especially since Oakland is such a diverse community and y'all have done such amazing advocacy work there. If you want to build on to the question around like how building that trust and building that affinity and maybe even saying something about building coalition.
[01:28:24.090 --> 01:28:37.470]  And so if you want to talk to that and also like what is like the one thing that like if folks were wanted to wanted to to recreate or to model the work that Oakland Privacy has done in your community, what's the like the most important message you would want them to take?
[01:28:38.730 --> 01:28:39.570]  Right.
[01:28:39.910 --> 01:28:49.170]  Um, I think the most, well, the simplest thing that I could probably say is that, you know, the trust of your community is everything.
[01:28:49.170 --> 01:29:12.650]  We did a lot of listening. We did a lot of, um, you know, what do you want to see happen here? And we really saw ourselves as kind of the advocacy consultants, not so much, um, not so much coming in with a solution, but coming in with a here's what the community wants.
[01:29:12.650 --> 01:29:24.890]  And here are some tools that we can provide to sort of help us get to where we want to be together. And as we go out of Oakland to other places, that's even more important.
[01:29:24.890 --> 01:29:44.530]  And so we just kind of try to look for the advocacy opportunities, the thing that's happening that gives us an opportunity to sort of step up and say something and then sort of turn to the locals in partnership and say, um, you know, here are some things that we can try to achieve the goal.
[01:29:44.530 --> 01:30:02.130]  And the goal is, is almost always we want to have an impact on what happens. And when it comes to stuff like the spread of surveillance, it's, it's, it's all about consent. We want them to ask us and we, and we want the opportunity to say no.
[01:30:03.810 --> 01:30:21.490]  Absolutely. And yeah, and so and again, like the Kurt mentioned earlier, and Tracy's touched on it, and really like the community control over police surveillance ordinances are very much, you know, banning face surveillance, because face surveillance, even if it worked perfectly, the First Amendment and Fourth Amendment implications would be, would be too to stop, to stop the harm before it grows.
[01:30:21.790 --> 01:30:28.990]  But with the others, with the other surveillance equipment, it's really about making sure the power goes back into the community to have a voice in it and for their elected officials to make the decision.
[01:30:28.990 --> 01:30:38.610]  And so really thanks to Oakland Privacy for all the amazing work that you've done making that a thing, not just in Oakland, but in many cities, and with the support that you've given to folks throughout the Alliance and throughout our neighboring communities.
[01:30:39.050 --> 01:30:51.390]  Avi, what is like, what is the, what is, you spoke a lot about technologists facilitating and helping, working, build, building the tools and developing things to support folks that are engaged in movement work.
[01:30:51.390 --> 01:31:01.410]  If there's one thing that you want folks who are thinking about engaging that work, could like, what would it be? And then if you want to, we had one question I didn't get in, I didn't get a chance to respond to.
[01:31:01.410 --> 01:31:10.530]  So this will be an optional, this will be bonus points if you want to talk a little bit about the successes and failures of the GDPR in the limited time that we have. Go!
[01:31:10.530 --> 01:31:30.750]  Okay, look, so, you know, you said one thing, I'll give you three. I mean, like, I think you, one framework that I find useful to looking at this is, you know, I'm going to preach a holy trinity, right, of movement work, right, or of, you know, it's the holy trinity of time, space, and information, right?
[01:31:30.750 --> 01:31:53.010]  Those are the three things that we can look at, look at everything through, right? And so when we're approaching the work, what of those three can we offer and what can we bring to building, right? And they're all kind of work in a dynamic with each other, where if you have more space, you can kind of have less time and, you know, you can actually have more information, right?
[01:31:53.010 --> 01:32:16.750]  Like, they all work kind of together. But, like, thinking about, like, what, how we're engaging through that lens, I think, is very helpful in thinking about how we build because, like, that's how we create the bricks and mortar of building organization, of building movement, of building all the things I said before about networks, connections, and that's what we need, right?
[01:32:16.750 --> 01:32:34.530]  Like, our kind of opposition or, like, the forces that are working against us have those things in spades. And we are very lacking, especially in any kind of holistic vision of how we have those three things working together. So that's kind of time, space, information is my holy trinity.
[01:32:35.310 --> 01:33:00.370]  Thank you. And Emily, I really, I think that you, yeah, I don't think there's enough praise I could get to the work that Future Aid is doing. And also the work that you're doing pre-COVID and with COVID and trying to also not lose count of the folks who are not able to connect, like, virtually, right? Folks that, like, when you were doing events and libraries, it was easier for them to connect and to be able to do that work.
[01:33:00.370 --> 01:33:24.850]  And so the fact that you're keeping, you know, you're thinking about who's not in the room is really important, right? And so I really want to, like, lift up that work and say, if there's anything that you could offer to folks around, like, being able to do that work effectively and being able to center the folks who need it the most effectively in their communities, if there's some suggestions or guidance that you can offer there, we'd love to hear it.
[01:33:24.850 --> 01:33:41.610]  Yeah, absolutely. You know, I think there's a lot of organizations around you that, you know, have also, you know, done their work of understanding what are the some of the issues within the community that they also wish to address.
[01:33:41.610 --> 01:34:08.650]  And so to kind of cross-pollinate with other organizations will be a great way to learn really fast and effectively some of the issues that, you know, might be going on that you need perhaps maybe more of an expertise, like, on from someone else or you want, you know, a little bit more depth or understanding of an issue.
[01:34:08.650 --> 01:34:27.570]  And so to, I've really come to depend on my communications with other folks that do great work in our communities to ask them questions to learn and to see also kind of how we can address issues that I hadn't thought about.
[01:34:27.570 --> 01:34:53.630]  And just to be that open line of communication when they need, you know, objective security and privacy advice, as objective as I can humanly give, you know, so that they don't have to get it from a source that might be a vendor or just like not, you know, it's not an information security professional. So I do advise to do that if you can.
[01:34:53.630 --> 01:35:10.850]  Absolutely. Coalition building and working directly with the folks who are impacted and recognizing that, you know, you don't have to reinvent the wheel every time. You have to figure out the way that you can be most supportive in the system that's there to provide the support for folks. So thank you so much, Emily.
[01:35:10.850 --> 01:35:39.650]  And Elliot, I want to give you an opportunity to like whatever you think that folks should leave knowing about CYPR, but I hope that you'll also talk a little bit about one of the things I really like about CYPR is the focus that y'all put on making learning accessible. So I was wondering if there's any guidance you could leave for, you could also offer to folks that would want to replicate CYPR's work around how to at least be thinking through making sure that the work that you're doing is accessible for the broadest breadth of your community as possible.
[01:35:40.170 --> 01:36:04.690]  Yeah, totally. I think that, um, I guess I'll say two things about that. And then just one thing sort of in response to what other people have said, kind of agree with them. I think that if there's two things that help and are important to making something accessible, it's first, don't feel blocked into or limited to trying to teach something in one way.
[01:36:04.690 --> 01:36:24.810]  I think that there's like a variety of different ways to teach a specific topic. And you know, a way that works for some people might not work for other people. So it's okay. And I think even preferable to have like a variety of different approaches that somebody can take to understand the material.
[01:36:24.810 --> 01:36:52.370]  I'd say that's the first thing in making it accessible. And I think the second thing is to listen to the people that you're trying to communicate with as you're putting together a presentation or even just organizing your thoughts. Because I think that sort of checking in with your hopeful audience, before you start to put something together, it's just going to be huge. Because everybody's got an opinion. I mean, I guess I'm from Brooklyn, so everybody really does have an opinion.
[01:36:52.370 --> 01:36:54.130]  But only ours count, though.
[01:36:54.130 --> 01:37:12.890]  At least here, everybody's going to tell you exactly what they're thinking at all moments of the day or night. So it's like, you know, if you just check in with people before you go away and put something together, often, you know, they'll tell you exactly what they need. And that's why sort of community building beforehand is so important.
[01:37:12.890 --> 01:37:35.890]  I think the only other thing I wanted to quickly say was, I think that, you know, for people who want to set up EFA organizations, the great thing about the EFA is that it's all over the place. So, you know, I think that one of the great things to ask yourself is, you know, how is security or privacy relevant to me in Brooklyn, in Spokane, in Baltimore, in Philadelphia, in St. Louis?
[01:37:35.890 --> 01:37:48.170]  You know, how can it grow out of your local community, your city or town? And I think that will always, you know, be hugely helpful both to yourself and to the community in general.
[01:37:48.830 --> 01:37:57.650]  Absolutely. I can't thank you all enough. This has been this has been excellent and unsurprisingly, I know you all well enough to know that that's what it would be.
[01:37:57.650 --> 01:38:08.450]  And so I really want to thank you for the work that you're doing and remind folks that, you know, there's everyone that's on here is amazing, but also like they are amazing because they did the work. They showed up and they and they work with folks in their community.
[01:38:08.610 --> 01:38:21.730]  And you can also be providing that kind of support and engaging your community and that you are the expert in the needs of your particular community from the perspective that you're able to see it and understanding, you know, that you can work with other folks that have different perspectives on your community.
[01:38:21.730 --> 01:38:30.690]  And that there's a number of folks, all the folks that are here today, as well as the rest of the folks that you'll find at EFF.org slash fight that are part of Electronic Frontier Alliance associated groups.
[01:38:30.690 --> 01:38:38.270]  So reach out to us email organizing at EFF.org reach out to all you'll find links on that website to all of the groups that are in the alliance.
[01:38:38.270 --> 01:38:49.690]  And so there's folks here that really like inspired you and you want to be able to replicate their work, you can either reach out to organizing at EFF.org and we'll try to put you in touch, or go to the website and their links are there and you can contact them through the
[01:38:50.670 --> 01:39:03.470]  avenues that are available there as well. So yeah, and thanks again, everybody DEF CON. This has been amazing. Thanks again to Curt and Eva and Alexis and Hannah and Rory, of course, and just everyone have a good night.
[01:39:03.650 --> 01:39:12.190]  You know, go out and you know, whatever your whatever, however you unwind, take advantage of it and just keep continuing to love and take care of each other. All right. Thanks, everybody.
